CVE-2024-52337

Tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.

An update for tuned is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

*Credits: Red Hat would like to thank Matthias Gerstner (SUSE Security Team) for reporting this issue.

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

Complete

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-11-08 CVE Reserved
2024-11-26 CVE Published
2024-12-03 EPSS Updated
2025-01-09 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (8)

URL	Tag	Source
https://security.opensuse.org/2024/11/26/tuned-instance-create.html
https://www.openwall.com/lists/oss-security/2024/11/28/1

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2024:10381	2024-11-26
https://access.redhat.com/errata/RHSA-2024:10384	2024-11-26
https://access.redhat.com/security/cve/CVE-2024-52337	2024-11-26
https://bugzilla.redhat.com/show_bug.cgi?id=2324541	2024-11-26
https://access.redhat.com/errata/RHSA-2024:11161	2025-01-09
https://access.redhat.com/errata/RHSA-2025:0195	2025-01-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Red Hat Search vendor "Red Hat"		Enterprise Linux Search vendor "Red Hat" for product "Enterprise Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Fast Datapath Search vendor "Redhat" for product "Fast Datapath"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Extras Rt Els Search vendor "Redhat" for product "Rhel Extras Rt Els"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Extras Sap Els Search vendor "Redhat" for product "Rhel Extras Sap Els"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Extras Sap Hana Els Search vendor "Redhat" for product "Rhel Extras Sap Hana Els"				*		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Els Search vendor "Redhat" for product "Rhel Els"				*		-		Affected